
List:       oisf-users
Subject:    Re: [Oisf-users] Suricata in Intel's DPDK environment
From:       Vishal Kotalwar V <vishalkv () altencalsoftlabs ! com>
Date:       2016-05-31 11:01:04
Message-ID: 442883388.89075.1464691742307.JavaMail.zimbra () altencalsoftlabs ! com


Thanks Andreas & Denis for the info. And yes, you got it right that I want to put
suricata in the fast packet processing path. Will definitely take a look at
compat_netmap.

It would be really helpful if you could share your friend's email who has done
Suricata+DPDK work.

Thanks & regards, 
Vishal V. Kotalwar 


From: "Denis Pearson" <dennix.pearson@gmail.com> 
To: "Andreas Herz" <andi@geekosphere.org> 
Cc: "oisf-users" <oisf-users@lists.openinfosecfoundation.org> 
Sent: Sunday, May 29, 2016 4:13:35 PM 
Subject: Re: [Oisf-users] Suricata in Intel's DPDK environment 

On Saturday, May 28, 2016, Andreas Herz < andi@geekosphere.org > wrote: 


On 16/05/16 at 12:44, Vishal Kotalwar V wrote: 
> Hi, 
> 
> I am planning to run suricata in Intel's DPDK framework. I intend to 
> run as an IPS so probably I need to replace NFQ calls with DPDK 
> library calls for packet receive and verdict out along with some 
> memory management related calls; that is my top level 


Well, if you are really serious about that, you probably know compat_netmap exists,
and it's functional. You probably know Suricata runs IPS mode under the netmap framework.

http://dpdk.readthedocs.io/en/v16.04/sample_app_ug/netmap_compatibility.html

So a first move in the direction of actually having it running in DPDK mode with DPDK
performance while reusing existing code would be to leverage the DPDK compat layer
with netmap. You won't regret it. I personally adjusted a couple of netmap applications to
work like that, and it saves a lot of time to find out the performance difference and
investigate whether time should be invested in DPDK when you already have an application
running in another fast packet processing framework like pf_ring or netmap.

My 2c 







> I know, this is not in Suricata's current road-map but would like to 
> know if anybody has tried this or similar thing before. Your 
> experience can help me a great way. Any advice or pointers in the 
> direction are also welcome. 

I talked to a friend who has already done some DPDK related work. 
It seems to be a lot of work with the API and Intel specific parts. 

Since we have some Intel people working on hyperscan, there might be
someone with more DPDK background knowledge and how it would fit into
Suricata.

> 
> Thanks & regards, Vishal V. Kotalwar 

> _______________________________________________ 
> Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org 
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/ 
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users 
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net 


-- 
Andreas Herz 



